Enable RPC encryption between Outook and Exchange server.

Overview

Finding ID	Version	Rule ID	IA Controls	Severity
V-17615	DTOO279 - Outlook	SV-18752r1_rule	ECSC-1	Medium

Description
By default, the remote procedure call (RPC) communication channel between an Outlook 2007 client computer and an Exchange server is not encrypted. If a malicious person is able to eavesdrop on the network traffic between Outlook and the server, they might be able to access confidential information.

STIG	Date
Microsoft Outlook 2007	2015-09-17

Details

Check Text ( C-18912r1_chk )
The policy value for User Configuration -> Administrative Templates -> Microsoft Office Outlook 2007 -> Tools \ Account Settings -> Exchange “Enable RPC encryption” will be set to “Enabled”. Procedure: Use the Windows Registry Editor to navigate to the following key: HKCU\Software\Policies\Microsoft\Office\12.0\Outlook\RPC Criteria: If the value EnableRPCEncryption is REG_DWORD = 1, this is not a finding.

Check Text ( C-18912r1_chk )

The policy value for User Configuration -> Administrative Templates -> Microsoft Office Outlook 2007 -> Tools \ Account Settings -> Exchange “Enable RPC encryption” will be set to “Enabled”.

Procedure: Use the Windows Registry Editor to navigate to the following key:

HKCU\Software\Policies\Microsoft\Office\12.0\Outlook\RPC

Criteria: If the value EnableRPCEncryption is REG_DWORD = 1, this is not a finding.

Fix Text (F-17529r1_fix)
The policy value for User Configuration -> Administrative Templates -> Microsoft Office Outlook 2007 -> Tools \ Account Settings -> Exchange “Enable RPC encryption” will be set to “Enabled”.